CVE-2025-58622
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact Line: from n/a through <= 2.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-58622
EUVD
EUVD-2025-26545
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack mobile_contact_line_plugin 2.4.1
patchstack mobile_contact_line_plugin 2.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58622 is a Broken Access Control vulnerability in the WordPress Mobile Contact Line Plugin up to version 2.4.0. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with low privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. This means that access control security levels are incorrectly configured, enabling unauthorized actions. [1]

Impact Analysis

This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or access within the WordPress site using the Mobile Contact Line plugin. Although the severity is low (CVSS 4.3) and exploitation is considered unlikely, if exploited, it could compromise the integrity of the site’s access control and lead to unauthorized modifications or misuse of plugin functions. [1]

Detection Guidance

Detection of this vulnerability involves checking if the WordPress Mobile Contact Line plugin version is up to and including 2.4.0, as these versions contain the broken access control issue. Since the vulnerability allows unprivileged users to perform higher-privileged actions due to missing authorization checks, monitoring for unusual privilege escalations or unauthorized actions by Subscriber-level users can help detect exploitation attempts. There are no specific commands provided for detection, but verifying the plugin version via WordPress admin or command line (e.g., wp plugin list) and monitoring logs for suspicious activity is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Mobile Contact Line plugin to version 2.4.1 or later, where the vulnerability is fixed. If updating immediately is not possible, applying Patchstack's virtual patching (vPatching) can provide rapid protection against exploitation. Additionally, monitoring for unauthorized actions and, in case of compromise, engaging professional incident response or performing server-side malware scanning is advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58622. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart